authorBogdan Purcareata <bogdan.purcareata@freescale.com>2015-05-04 17:51:58 +0000
committerBruce Ashfield <bruce.ashfield@windriver.com>2015-05-07 14:13:21 -0400
commitc59f888d6149acfd486658bb3a2b4feb4217f29f (patch)
tree60e6aabe73299c0b69623e360f000833a4725688 /recipes-containers/lxc
parentf23b69928351afa165ad7c25b8cc88c2a661a09e (diff)
downloadmeta-virtualization-c59f888d6149acfd486658bb3a2b4feb4217f29f.tar.gz
lxc: Add OpenSSH support for Busybox containers
Add command line parameter to create Busybox containers with OpenSSH support. As a prerequisite, OpenSSH needs to be installed on the host system. Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Diffstat (limited to 'recipes-containers/lxc')
-rw-r--r--recipes-containers/lxc/files/lxc-busybox-add-OpenSSH-support.patch246
-rw-r--r--recipes-containers/lxc/files/make-some-OpenSSH-tools-optional.patch49
-rw-r--r--recipes-containers/lxc/lxc_1.0.7.bb2
3 files changed, 297 insertions, 0 deletions
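--- /dev/null
+++ b/recipes-containers/lxc/files/lxc-busybox-add-OpenSSH-support.patch
@@ -0,0 +1,246 @@
+From ed52814c776963efdcc9dcda1ec26fc09930ef93 Mon Sep 17 00:00:00 2001
+From: Bogdan Purcareata <bogdan.purcareata@freescale.com>
+Date: Wed, 22 Apr 2015 14:53:32 +0000
+Subject: [PATCH] lxc-busybox: add OpenSSH support
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Add an additional template parameter for SSH support in the container. Currently
+this can be implemented using the Dropbear or OpenSSH utility. The respective
+tool needs to be available on the host Linux.
+
+If the parameter is omitted, the template will look for the Dropbear utility on
+the host and install it if it is available (legacy behavior).
+
+Adding OpenSSH support has been done following the model in the lxc-sshd
+template.
+
+Upstream-status: Accepted
+[https://github.com/lxc/lxc/commit/ed52814c776963efdcc9dcda1ec26fc09930ef93]
+
+Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
+Acked-by: Stéphane Graber <stgraber@ubuntu.com>
+---
+ templates/lxc-busybox.in | 169 ++++++++++++++++++++++++++++++++++++++---------
+ 1 file changed, 139 insertions(+), 30 deletions(-)
+
+diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in
+index 7e05bd6..95961a3 100644
+--- a/templates/lxc-busybox.in
++++ b/templates/lxc-busybox.in
+@@ -22,6 +22,7 @@
+
+ LXC_MAPPED_UID=
+ LXC_MAPPED_GID=
++SSH=
+
+ # Make sure the usual locations are in PATH
+ export PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin
+@@ -160,6 +161,116 @@ EOF
+ return $res
+ }
+
++install_dropbear()
++{
++ # copy dropbear binary
++ cp $(which dropbear) $rootfs/usr/sbin
++ if [ $? -ne 0 ]; then
++ echo "Failed to copy dropbear in the rootfs"
++ return 1
++ fi
++
++ # make symlinks to various ssh utilities
++ utils="\
++ $rootfs/usr/bin/dbclient \
++ $rootfs/usr/bin/scp \
++ $rootfs/usr/bin/ssh \
++ $rootfs/usr/sbin/dropbearkey \
++ $rootfs/usr/sbin/dropbearconvert \
++ "
++ echo $utils | xargs -n1 ln -s /usr/sbin/dropbear
++
++ # add necessary config files
++ mkdir $rootfs/etc/dropbear
++ dropbearkey -t rsa -f $rootfs/etc/dropbear/dropbear_rsa_host_key > /dev/null 2>&1
++ dropbearkey -t dss -f $rootfs/etc/dropbear/dropbear_dss_host_key > /dev/null 2>&1
++
++ echo "'dropbear' ssh utility installed"
++
++ return 0
++}
++
++install_openssh()
++{
++ # tools to be installed
++ server_utils="sshd"
++ client_utils="\
++ ssh \
++ scp \
++ sftp \
++ ssh-add \
++ ssh-agent \
++ ssh-keygen \
++ ssh-keyscan \
++ ssh-argv0 \
++ ssh-copy-id \
++ "
++
++ # new folders used by ssh
++ ssh_tree="\
++$rootfs/etc/ssh \
++$rootfs/var/empty/sshd \
++$rootfs/var/lib/empty/sshd \
++$rootfs/var/run/sshd \
++"
++
++ # create folder structure
++ mkdir -p $ssh_tree
++ if [ $? -ne 0 ]; then
++ return 1
++ fi
++
++ # copy binaries
++ for bin in $server_utils $client_utils; do
++ tool_path=`which $bin`
++ cp $tool_path $rootfs/$tool_path
++ if [ $? -ne 0 ]; then
++ echo "Unable to copy $tool_path in the rootfs"
++ return 1
++ fi
++ done
++
++ # add user and group
++ cat <<EOF >> $rootfs/etc/passwd
++sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
++EOF
++
++ cat <<EOF >> $rootfs/etc/group
++sshd:x:74:
++EOF
++
++ # generate container keys
++ ssh-keygen -t rsa -N "" -f $rootfs/etc/ssh/ssh_host_rsa_key >/dev/null 2>&1
++ ssh-keygen -t dsa -N "" -f $rootfs/etc/ssh/ssh_host_dsa_key >/dev/null 2>&1
++
++ # by default setup root password with no password
++ cat <<EOF > $rootfs/etc/ssh/sshd_config
++Port 22
++Protocol 2
++HostKey /etc/ssh/ssh_host_rsa_key
++HostKey /etc/ssh/ssh_host_dsa_key
++UsePrivilegeSeparation yes
++KeyRegenerationInterval 3600
++ServerKeyBits 768
++SyslogFacility AUTH
++LogLevel INFO
++LoginGraceTime 120
++PermitRootLogin yes
++StrictModes yes
++RSAAuthentication yes
++PubkeyAuthentication yes
++IgnoreRhosts yes
++RhostsRSAAuthentication no
++HostbasedAuthentication no
++PermitEmptyPasswords yes
++ChallengeResponseAuthentication no
++EOF
++
++ echo "'OpenSSH' utility installed"
++
++ return 0
++}
++
+ configure_busybox()
+ {
+ rootfs=$1
+@@ -230,34 +341,6 @@ EOF
+ lxc-unshare -s MOUNT -- /bin/sh < $CHPASSWD_FILE
+ rm $CHPASSWD_FILE
+
+- # add ssh functionality if dropbear package available on host
+- which dropbear >/dev/null 2>&1
+- if [ $? -eq 0 ]; then
+- # copy dropbear binary
+- cp $(which dropbear) $rootfs/usr/sbin
+- if [ $? -ne 0 ]; then
+- echo "Failed to copy dropbear in the rootfs"
+- return 1
+- fi
+-
+- # make symlinks to various ssh utilities
+- utils="\
+- $rootfs/usr/bin/dbclient \
+- $rootfs/usr/bin/scp \
+- $rootfs/usr/bin/ssh \
+- $rootfs/usr/sbin/dropbearkey \
+- $rootfs/usr/sbin/dropbearconvert \
+- "
+- echo $utils | xargs -n1 ln -s /usr/sbin/dropbear
+-
+- # add necessary config files
+- mkdir $rootfs/etc/dropbear
+- dropbearkey -t rsa -f $rootfs/etc/dropbear/dropbear_rsa_host_key > /dev/null 2>&1
+- dropbearkey -t dss -f $rootfs/etc/dropbear/dropbear_dss_host_key > /dev/null 2>&1
+-
+- echo "'dropbear' ssh utility installed"
+- fi
+-
+ return 0
+ }
+
+@@ -315,12 +398,12 @@ remap_userns()
+ usage()
+ {
+ cat <<EOF
+-$1 -h|--help -p|--path=<path>
++$1 -h|--help -p|--path=<path> -s|--ssh={dropbear,openssh}
+ EOF
+ return 0
+ }
+
+-options=$(getopt -o hp:n: -l help,rootfs:,path:,name:,mapped-uid:,mapped-gid: -- "$@")
++options=$(getopt -o hp:n:s: -l help,rootfs:,path:,name:,mapped-uid:,mapped-gid:,ssh: -- "$@")
+ if [ $? -ne 0 ]; then
+ usage $(basename $0)
+ exit 1
+@@ -336,6 +419,7 @@ do
+ -n|--name) name=$2; shift 2;;
+ --mapped-uid) LXC_MAPPED_UID=$2; shift 2;;
+ --mapped-gid) LXC_MAPPED_GID=$2; shift 2;;
++ -s|--ssh) SSH=$2; shift 2;;
+ --) shift 1; break ;;
+ *) break ;;
+ esac
+@@ -384,3 +468,28 @@ if [ $? -ne 0 ]; then
+ echo "failed to remap files to user"
+ exit 1
+ fi
++
++if [ -n "$SSH" ]; then
++ case "$SSH" in
++ "dropbear")
++ install_dropbear
++ if [ $? -ne 0 ]; then
++ echo "Unable to install 'dropbear' ssh utility"
++ exit 1
++ fi ;;
++ "openssh")
++ install_openssh
++ if [ $? -ne 0 ]; then
++ echo "Unable to install 'OpenSSH' utility"
++ exit 1
++ fi ;;
++ *)
++ echo "$SSH: unrecognized ssh utility"
++ exit 1
++ esac
++else
++ which dropbear >/dev/null 2>&1
++ if [ $? -eq 0 ]; then
++ install_dropbear
++ fi
++fi
+--
+2.1.4
+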
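Review bot: The sshd_config heredoc in install_openssh() combines `PermitRootLogin yes` with `PermitEmptyPasswords yes`, so a container created with `--ssh=openssh` accepts a root login over the network with no credential whenever the root password is empty; the password is set in configure_busybox(), most of which lies outside the visible hunks, so that condition is inferred rather than shown. I would ship `PermitEmptyPasswords no` as the default and leave passwordless access to an explicit opt-in. The same heredoc carries protocol-1-only settings (`KeyRegenerationInterval 3600`, `ServerKeyBits 768`, `RSAAuthentication yes`, `RhostsRSAAuthentication no`) that do nothing under `Protocol 2` and could be dropped, and it registers a DSA host key next to the RSA one. Both ssh-keygen calls discard output and exit status, so a failed key generation still ends with "'OpenSSH' utility installed"; appending `|| return 1` to each call would surface the failure.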
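--- /dev/null
+++ b/recipes-containers/lxc/files/make-some-OpenSSH-tools-optional.patch
@@ -0,0 +1,49 @@
+From 34be0d3cd8c4eaca9929470bc8bce5e74975bccf Mon Sep 17 00:00:00 2001
+From: Bogdan Purcareata <bogdan.purcareata@freescale.com>
+Date: Thu, 23 Apr 2015 08:33:00 +0000
+Subject: [PATCH] lxc-busybox: make some OpenSSH tools optional
+
+Currently, when installing OpenSSH in a Busybox container, the template searches
+for all the OpenSSH client binaries available in the Debian distro package. The
+included tools might differ from distro to distro, so make part of the tools
+optional. The mandatory tools, without which installing OpenSSH fails, are
+"sshd" for the server and "ssh" and "scp" for the client.
+
+Upstream-Status: Submitted
+[https://lists.linuxcontainers.org/pipermail/lxc-devel/2015-April/011696.html]
+
+Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
+---
+ templates/lxc-busybox.in | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in
+index 95961a3..17a3006 100644
+--- a/templates/lxc-busybox.in
++++ b/templates/lxc-busybox.in
+@@ -197,6 +197,8 @@ install_openssh()
+ client_utils="\
+ ssh \
+ scp \
++ "
++ client_optional_utils="\
+ sftp \
+ ssh-add \
+ ssh-agent \
+@@ -230,6 +232,13 @@ $rootfs/var/run/sshd \
+ fi
+ done
+
++ for bin in $client_optional_utils; do
++ tool_path=`which $bin`
++ if [ $? -eq 0 ]; then
++ cp $tool_path $rootfs/$tool_path
++ fi
++ done
++
+ # add user and group
+ cat <<EOF >> $rootfs/etc/passwd
+ sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
+--
+2.1.4
+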
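Review bot: The new optional-tools loop drops the result of `cp $tool_path $rootfs/$tool_path`, unlike the mandatory loop just above it, so a tool that is found on the host but cannot be copied (for example because its directory does not exist under $rootfs) is skipped without any message. A warning keeps the step non-fatal while leaving a trace: `cp "$tool_path" "$rootfs/$tool_path" || echo "Optional tool $tool_path not copied"`. Going by the tool list in the first patch, ssh-keygen now falls into the optional group, while host-key generation later in install_openssh() still calls the host's ssh-keygen; a short comment noting that the host still needs it would help. That code is outside these hunks.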
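--- a/recipes-containers/lxc/lxc_1.0.7.bb
+++ b/recipes-containers/lxc/lxc_1.0.7.bb
@@ -32,6 +32,8 @@ SRC_URI = "http://linuxcontainers.org/downloads/${BPN}-${PV}.tar.gz \
  file://lxc-busybox-use-lxc.rebootsignal-SIGTERM.patch \
  file://ppc-add-seccomp-support-for-lxc.patch \
  file://lxc-fix-B-S.patch \
+ file://lxc-busybox-add-OpenSSH-support.patch \
+ file://make-some-OpenSSH-tools-optional.patch \
  "
 
 SRC_URI[md5sum] = "b48f468a9bef0e4e140dd723f0a65ad0"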